path: root/src/plugins
Age | Commit message | Author | Files | Lines
2017-07-04 | acl-plugin: VPP-897: applying of large number of ACEs is slow | Andrew Yourtchenko | 2 | -20/+45
When applying ACEs, in the new hash-based scheme, for each ACE the lookup in the hash table is done, and either that ACE is added to the end of the existing list if there is a match, or a new list is created if there is no match. Usually ACEs do not overlap, so this operation is fast, however, the fragment-permit entries in case of a large number of ACLs create a huge list which needs to be traversed for every other ACE being added, slowing down the process dramatically. The solution is to add an explicit flag to denote the first element of the chain, and use the "prev" index of that element to point to the tail element. The "next" field of the last element is still ~0 and if we touch that one, we do the linear search to find the first one, but that is a relatively infrequent operation. Change-Id: I352a3becd7854cf39aae65f0950afad7d18a70aa Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 204cf74aed51ca07933df7c606754abb4b26fd82)
2017-07-04 | acl-plugin: fix acl plugin test failing sporadically (VPP-898) | Andrew Yourtchenko | 1 | -0/+5
The "acl_plugin" tests have one of the tests sporadically fail with the following traceback:
    r.reply.decode().rstrip('\x00')
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xd8 in position 20666: ordinal not in range(128)
This occurs in the newly added "show acl-plugin table" debug CLI. This CLI has only the numeric outputs, so the conclusion is that it is the incorrect termination (trailing zero) that might be most probably causing it. The other acl-plugins show commands also lack the zero-termination, so fix all of them. The particularity of this command vs. the other acl-plugin debug CLIs is that the accumulator is freed and allocated multiple times, this might explain why the issue is not seen with them. Change-Id: I87b5c0d6152fbebcae9c7d0ce97155c1ae6666db Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit be055bd719559fc79d8a4c06479497c4c0bfae93)
2017-06-30 | memif: API message handler registration bug-fix | Jakub Grajciar | 1 | -11/+0
- removed memif details message from memif API Change-Id: I21185e7678f375cc10639cdbc3ad2fd84bc95459 Signed-off-by: Jakub Grajciar <grajciar.jakub@gmail.com>
2017-06-27 | FLOWPROBE: Add flowstartns, flowendns and tcpcontrolbits | Ole Troan | 3 | -14/+88
- fixed problem with tcp_flag
- changed flowtimestamp into NTP format
Change-Id: I4ef05d6c69c5c078a0c80d59c5ccb0c85b924ba6 Signed-off-by: Ole Troan <ot@cisco.com>
2017-06-25 | memif: If rx/tx_queues are unset, use default values | Milan Lenco | 1 | -2/+12
The standard behaviour for binary API is that zeroed arguments are treated as if the default values were set. This way the configurator does not need to know what default values are. This, however, wasn't the case for rx_queues and tx_queues in memif_create binary API message. Change-Id: Ib588b472823f6bbb5ef12a798d68b0dda6dd2139 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-06-22 | Export and Install GTP-U API file | Hongjun Ni | 1 | -1/+1
Change-Id: I064d22277a0334c63f3d5072b1584b93e327b331 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-06-22 | acl-plugin: clean up the code enabling/disabling acl-plugin processing on interface | Andrew Yourtchenko | 2 | -4/+18
Multiple subsequent calls to vnet_feature_enable_disable() to enable the feature cause the feature to be inserted into the processing graph multiple times in a row. This might be argued to be a bug in that function, but enabling an already enabled feature is suboptimal anyway, so avoid that. The existing tests already catch this issue whenever the ASSERT() part of this patch was added. Change-Id: Ia2c06f7dc87bbe05795c2c7b7d19ea06270ce150 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-22 | NAT64: documentation | Matus Fabian | 2 | -0/+211
added CLI command documentation
added NAT64 user documentation page
Change-Id: I3df400013800fe16351e02db7762ee3f92b195ff Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-21 | Introduce default rx mode for device drivers | Damjan Marion | 1 | -1/+1
If interface is down and queues are not configured then we are not able to change rx-mode. This change introduces default mode which is stored per interface and applied if driver wants. Change-Id: I70149c21c1530eafc148d5e4aa03fbee53dec62f Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-21 | acl-plugin: the second and subsequent ACEs incorrect endianness when custom-dump and in VAT (VPP-885) | Andrew Yourtchenko | 1 | -4/+22
Add the missing function to convert the entire array of rules in the respective _endian functions, rather than just the first rule. Change-Id: Ic057f27ff7ec20150595efca1a48b74e5850f52b Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 | acl-plugin: CLI to clear all sessions | Andrew Yourtchenko | 2 | -8/+38
It is useful to have the CLI to clear the existing sessions. There was a work-in-progress CLI but it did not work properly. Fix it and split into a separate "clear acl-plugin sessions", and add a unit test into the extended connection-oriented tests. Change-Id: I55889165ebcee139841fdac88747390903a05394 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 | acl-plugin: use ethernet_buffer_header_size() to determine the size of the ethernet header | Andrew Yourtchenko | 1 | -1/+1
When extracting the 5-tuple, use the ethernet_buffer_header_size() so we can correctly handle the case of subinterfaces, etc. Change-Id: Ied73fde98d6b313e9eeab2aff4f22daa50a6cbbf Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 | acl-plugin: fix coverity issue 170476 | Andrew Yourtchenko | 1 | -2/+1
Remove the unnecessary variable assignment which coverity detected. Change-Id: I66ac20a8495400ac59192ddb72f16c95f6b4d03c Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 | acl-plugin: fix coverity issue 166801 | Andrew Yourtchenko | 1 | -1/+1
A typo resulted in a value being overwritten and flagged as unused, fix the typo. Change-Id: I512ba94321afb80d12c71ebbb0eec42d9fa6f299 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 | NAT64: custom prefix | Matus Fabian | 6 | -65/+494
Change-Id: If397b49861468eed29b964fa64b186f80eb0eceb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-21 | memif: minor changes in memif.h | Damjan Marion | 2 | -16/+20
Change-Id: Iff550fd65f6e559b9fdfbbd53ef92d287c18166c Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-21 | acl-plugin: fix coverity error 171135 | Andrew Yourtchenko | 1 | -0/+2
The code path which sets the sw_if_index aimed to restrict the output did not set the flag to trigger that output. Change-Id: I0a1a3977fdddbce9a276960df43fed745d099ca0 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-21 | acl-plugin: vat: acl_interface_list_dump confusing/incorrect output in case n_input == 0 | Andrew Yourtchenko | 1 | -2/+2
The logic to print the line " output " is wrong for the case of n_input == 0, and the applied ACLs are printed as if they were applied on input. One may still figure out the truth by looking at the n_input value above, but it is confusing. Change-Id: I7b4a4d548e569994678dd1e139eb829456548b88 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-20 | SNAT: unknown protocol hairpinning fix | Matus Fabian | 1 | -1/+1
Change-Id: I15813167e7c8529f229143de4a8f64f0fb530951 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19 | NAT64: change not supported multi threading behaviour | Matus Fabian | 5 | -6/+104
Disable CLI/API commands instead of error message on startup. Change-Id: I313ed6e2ea009f573afb5e08b0e85ed1f9091dc3 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19 | memif: add ip mode | Damjan Marion | 4 | -35/+132
In IP mode the memif interface is an L3 point-to-point interface and we don't pass l2 header. There is no l2 header rewrite operation and received packets are sent straight to ip4-input / ip6-input nodes. Change-Id: I4177f3fce3004da7ecf14d235006ae053fcf3f09 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-19 | SNAT: NAT packet with unknown L4 protocol if match 1:1 NAT | Matus Fabian | 2 | -6/+104
Change-Id: Ic81c6098d615fdb6a874e532921efd833fed872c Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-19 | acl-plugin: bihash-based ACL lookup | Andrew Yourtchenko | 10 | -10/+1572
Add a bihash-based ACL lookup mechanism and make it a new default. This changes the time required to lookup a 5-tuple match from O(total_N_entries) to O(total_N_mask_types), where "mask type" is an overall mask on the 5-tuple required to represent an ACE.
For testing/comparison there is a temporary debug CLI "set acl-plugin use-hash-acl-matching {0|1}", which, when set to 0, makes the plugin use the "old" linear lookup, and when set to 1, makes it use the hash-based lookup.
Based on the discussions on vpp-dev mailing list, prevent assigning the ACL index to an interface, when the ACL with that index is not defined, also prevent deleting an ACL if that ACL is applied.
Also, for the easier debugging of the state, there are new debug CLI commands to see the ACL plugin state at several layers:
"show acl-plugin acl [index N]" - show a high-level ACL representation, used for the linear lookup and as a base for building the hashtable-based lookup. Also shows if a given ACL is applied somewhere.
"show acl-plugin interface [sw_if_index N]" - show which interfaces have which ACL(s) applied.
"show acl-plugin tables" - a lower-level debug command used to see the state of all of the related data structures at once. There are specifiers possible, which make for a more focused and maybe augmented output:
    "show acl-plugin tables acl [index N]" show the "bitmask-ready" representations of the ACLs, as well as the mask types and their associated indices.
    "show acl-plugin tables mask" show the derived mask types and their indices only.
    "show acl-plugin tables applied [sw_if_index N]" show the table of all of the ACEs applied for a given sw_if_index or all interfaces.
    "show acl-plugin tables hash [verbose N]" show the 48x8 bihash used for the ACL lookup.
Change-Id: I89fff051424cb44bcb189e3cee04c1b8f76efc28 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-19 | NAT64: Hairpinning (VPP-699) | Matus Fabian | 5 | -24/+428
Change-Id: I83a6c277fa211ac2c2ca2d603650c992886af0a7 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-16 | memif: show memif CLI enhancement | Steven | 1 | -39/+115
Add optional keywords to show memif to allow displaying a particular interface and option to display the descriptor tables. The new syntax for the show memif command is now show memif [<interface>] [descriptors] Change-Id: I20696bbea1142bdc152b6e351c6ece24b1cf5500 Signed-off-by: Steven <sluong@cisco.com>
2017-06-16 | memif: jumbo frames support | Steven | 2 | -148/+272
Current memif interface supports frame size up to 2048. This patch is to enhance memif to support jumbo frames.
On tx (writing buffers to the ring), keep reading the next buffer in vlib when the flag VLIB_BUFFER_NEXT_PRESENT and merge it to the same ring entry. Use descriptor chaining if the buffer is not big enough.
On rx (reading buffers from the ring), if the packet is greater than 2048, create multiple vlib buffers, chained with the VLIB_BUFFER_NEXT_PRESENT.
Testing: Because the ping command provided by VPP does not support jumbo frames, I have to use linux ping. Here is the set up that I use for testing.
    VM1 --- vhost ---- VPP1 --- memif --- VPP2 --- vhost --- VM2
Create vhost-user interfaces between VM1 and VPP1 and between VPP2 and VM2
VM configuration: Set the interface mtu on the VM, e.g. 9216 to support jumbo frames. create static route and static arp on VM1 to VM2 and vice versa.
Use iperf3 or ping -s 8000 from VM1 to VM2 or vice versa.
Sample run
    sluong@ubuntu:~$ ping 131.1.1.1 -c1 -s 8000
    ping 131.1.1.1 -c1 -s 8000
    PING 131.1.1.1 (131.1.1.1) 8000(8028) bytes of data.
    8008 bytes from 131.1.1.1: icmp_seq=1 ttl=62 time=0.835 ms
    --- 131.1.1.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.835/0.835/0.835/0.000 ms
    sluong@ubuntu:~$
    DBGvpp# sh interface memif0
    Name     Idx  State  Counter     Count
    memif0   1    up     rx packets  1
                         rx bytes    8042
                         tx packets  1
                         tx bytes    8042
                         ip4         1
    DBGvpp#
Change-Id: I469bece3d45a790dceaee1d6a8e976bd018feee2 Signed-off-by: Steven <sluong@cisco.com>
2017-06-15 | acl-plugin: store sessions in a single hash table instead of a per-interface | Andrew Yourtchenko | 4 | -22/+39
A bihash-per-interface is convenient, but turns out to be tricky and difficult from the maintenance standpoint with the large number of interfaces. This patch makes the sessions reside in a single hash table for all the interfaces, adding the lower 16 bits of sw_if_index as part of the key into the previously unused space. There is a tradeoff, that a session with an identical 5-tuple and the same sw_if_index modulo 65536 will match on either of the interfaces. The probability of that is deemed sufficiently small to not worry about it. In case it still happens before the heat death of the universe, there is a clib_warning and the colliding packet will be dropped, at which point we will need to bump the hash key size by another u64, but rather not pay the cost of doing that right now. Change-Id: I2747839cfcceda73e597cbcafbe1e377fb8f1889 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-14 | acl-plugin: shrink the L2 classifier tables used for traffic redirect | Andrew Yourtchenko | 1 | -17/+17
The previous iteration of the code used the L2 classifier tables for session storage, as a result, the table allocations were pretty big. The new ACL plugin datapath uses the tables just as a redirection mechanism, without adding any entries. Thus, the tables can be much smaller. Change-Id: Ieec4a5abf0abda6e513ab4e675f912f14d47e671 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-13 | SNAT: fix 1:1 NAT without port hairpinning TCP checksum update | Matus Fabian | 1 | -0/+10
Change-Id: I5077fcf3671a6116b475f87e43120efc10ecaa08 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-13 | memif: fix crash during interface delete | Damjan Marion | 1 | -0/+4
Change-Id: Ide6d26d6fcc81be6f26ac0abe2cd0d6a0838cfe6 Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-12 | memif: complete refactor of socket handling code | Damjan Marion | 11 | -1146/+1796
Change-Id: I4d41def83a23f13701f1ddcea722d481e4c85cbc Signed-off-by: Damjan Marion <damarion@cisco.com>
2017-06-12 | NAT64: bug fix | Matus Fabian | 1 | -1/+20
ICMP to ICMPv6 error message inner UDP packet translation
delete ST entries when deleting static BIB entry
Change-Id: I2a28631ac040e20827a692331506cd8254f70916 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-12 | Remove calls to crc_u32 and add clib_crc32c for armv8+crc | Christophe Fontaine | 1 | -3/+10
crc_u32 was not defined for non x86_64 with SSE4.2 processors. Calls to "crc_u32" are removed and replaced by either a call to clib_crc32c or a call to clib_xxhash, as the result is not used as a check value but as a hash. Change-Id: I3af4d68e2e5ebd0c9b0a6090f848d043cb0f20a2 Signed-off-by: Christophe Fontaine <christophe.fontaine@enea.com>
2017-06-12 | NAT64: coverity fix | Matus Fabian | 1 | -2/+14
Change-Id: I08544b2f06f993c8a6435901232a0616d0548b94 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-09 | acl-plugin: wrap a verbose debug message in the appropriate conditional | Andrew Yourtchenko | 1 | -0/+2
Change-Id: Ibd57cb617642e42d4c4d64f186479702b8a81900 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-09 | dpdk: fix ipsec coverity warning | Sergio Gonzalez Monroy | 1 | -2/+2
CID 170475 Change-Id: I9748dd56bdcb62e68d8f672e5b1619a3be400b8f Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-09 | NAT64: ICMP error support | Matus Fabian | 5 | -15/+202
Added ICMP error messages translation. Added check for multi thread (not supported yet, so init failed). Added API definition for custom NAT64 prefix. Change-Id: Ice2f04631af63e594aecc09087a1cf59f3b676fb Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-08 | acl-plugin: remove clib_warnings on plugin init | Andrew Yourtchenko | 1 | -3/+0
Change-Id: Ic3c9a914a588824b8abd6668961f731432083c4f Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-08 | NAT64: Add NAT64 support for snat plugin (VPP-699) | Matus Fabian | 12 | -11/+3676
Basic NAT64 feature (no hairpinning, no multi-thread). Change-Id: I392fccbce93e70c117f4a9a7ec7cf08d6c537f2d Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-07 | acl-plugin: add a plugin-specific control-ping message api and make the test code use it | Andrew Yourtchenko | 4 | -1/+75
This fixes the undesirable pause in the dump commands in case there is nothing to dump. Change-Id: I0554556c9e442038aa2a1ed8c88234f21f7fe9b9 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07 | acl-plugin: make the ACL plugin multicore-capable | Andrew Yourtchenko | 5 | -207/+912
Add the logic to be able to use stateful ACLs in a multithreaded setup. Change-Id: I3b0cfa6ca4ea8f46f61648611c3e97b00c3376b6 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07 | acl-plugin: fix coverity error in acl_test.c | Andrew Yourtchenko | 1 | -2/+2
Attempting to supply within a VAT CLI to add the ACLs a rule count override with no rules to add would result in null pointer dereference as we attempt to copy those rules to the message. Add the check to avoid copy if the source pointer is null (i.e. if there are no rules to copy from). This commit fixes coverity errors 166797 and 166792. Change-Id: Icabe060d961ba07dc41f63b8e17fca12ff82aa29 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
2017-06-07 | dpdk: ipsec fixes | Sergio Gonzalez Monroy | 2 | -43/+43
- Fix buffer trace from esp_decrypt node
- Fix VLIB_REGISTER_NODE macro format
- Remove unnecessary code since we do not reconfigure graph unless requirements are met
Change-Id: Ic1c2afffb8265e40a6ced0c8a58775c05fadc9e2 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-07 | dpdk: fix ipsec coverity warnings | Sergio Gonzalez Monroy | 1 | -2/+3
CID 161044 and 161045 Change-Id: I50a450e231e387f05e354e3b07dc777ab864d018 Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2017-06-07 | Add support for memif API to VAT. | Milan Lenco | 2 | -0/+364
Change-Id: I01dc439fc84f9213e55ba56982eff34474637115 Signed-off-by: Milan Lenco <milan.lenco@pantheon.tech>
2017-06-06 | Rework vxlan-gpe to support FIB 2.0 and bypass mode | Hongjun Ni | 1 | -1/+1
Change-Id: I0324f945bdb4dd3b19151be6f3ce24a47a000104 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>
2017-06-05 | SNAT: fix ICMP hairpinning | Matus Fabian | 1 | -1/+67
Change-Id: I9d63133bd1db72917571ade868040c4597c896a1 Signed-off-by: Matus Fabian <matfabia@cisco.com>
2017-06-05 | More GCC-7 errors | Marco Varlese | 1 | -0/+2
The Wmaybe-uninitialized is the new error included with Wall. This patch addresses the warning and fixes it. Change-Id: I8fdf9ff2d236c46b717024a14874fbbbad8af303 Signed-off-by: Marco Varlese <marco.varlese@suse.com>
2017-06-02 | memif: fix coverity warnings | Steven | 1 | -0/+2
Check -1 for return from read prior to using the data Change-Id: Ibab7309244de488737ea7938b334fab495bf855d Signed-off-by: Steven <sluong@cisco.com>
2017-06-02 | Add l3 routing for GTP-U decap | Hongjun Ni | 10 | -14/+25
Change-Id: Ic3c8cd58cb2b02622299cf74c9efcabd2ef2b513 Signed-off-by: Hongjun Ni <hongjun.ni@intel.com>